An integrated circuit (IC) consumes power as a function of its operation and design considerations. Leakage current reflects the amount of power that a device consumes in its various modes that is not attributable to the device actually performing operations. As conventional processing technologies have allowed circuit dimensions to decrease, leakage current can represent a significant portion of the power consumption of a powered device.
One method for reducing leakage current is to remove power from inactive parts of an IC while preserving power to parts of the IC that must remain active, either because of the mode of operation or to preserve data. For example, in a device that includes a central processing unit (CPU) and one or more memory blocks (e.g., integrated in a single IC or distributed over plural ICs), if the CPU is inactive and not executing code (e.g., in a sleep mode), one or more memory blocks associated with the device can be powered down to minimize power consumption. If the memory blocks are of the form of non-volatile memory, such as read only memory (ROM) or electrically erasable programmable ROM (EEPROM), their contents will be preserved. If the memory blocks are of the form of volatile memory, such as random access memory (RAM), their contents will not be preserved if power is removed. In some applications, it may be desirable to preserve memory contents, and in particular the contents of volatile memory (RAM), during various operational modes of a given device (e.g., during a low power mode). Conventionally, either the entire volatile memory is kept powered, or only specific addressable portions of the memory block are kept powered, thereby maintaining their contents.
Storage devices may be employed in various secure applications to store protected data. For example, a semiconductor memory circuit may be used in a smart card, set-top box, Subscriber Identity Module (SIM) card or banking card to store user identification information, account information, device preference information or electronic payment authorization information.
Because of the potential value of protected data stored in a storage device, hackers may employ various invasive and non-invasive techniques to access or corrupt the protected data. For example, a hacker may grind off a portion of the storage device packaging in order to access internal signals and bypass security measures that may be in place. As another example, a hacker may subject the storage device to various kinds of radiation (e.g., laser light directed at exposed internal circuits, or x-ray or gamma radiation directed through the packaging) in an attempt to corrupt protected data. In some devices, corruption of protected data at certain locations in the device may cause the device to bypass security measures (e.g., encryption algorithms) or to yield information to the hacker regarding the device architecture or the protected data itself.
A hacker may also employ non-invasive, or “side channel,” attacks to discover functional details of a storage device. In particular, a hacker may observe various physical aspects of the device in operation and apply statistical analysis to the observations to deduce operational details of the device or to extract sensitive information (e.g., encryption or decryption keys). For example, the hacker may use differential power analysis (DPA) to analyze power consumption during device operations. Since the instantaneous power consumption depends not only on which operation is performed but also on the data values that operation processes, the hacker may be able to deduce, for example, particular bits of a key used in a decryption algorithm, by recording many instances of a particular operation with different known inputs and statistically testing which key hypothesis best explains the measured variation. Similarly, a hacker may employ electromagnetic analysis (EMA) to monitor the electromagnetic emissions of a device during particular operations; statistical analysis of the emissions may likewise reveal sensitive information. A hacker may also analyze the timing between variations in power consumption or electromagnetic emissions to identify the times at which key operations of known algorithms (e.g., encryption or decryption algorithms) are performed.
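The following Python simulation is an added illustration of the DPA attack described above; it is not part of the original application text and does not describe any particular device. It assumes a constructed leakage model in which a device's power draw during the first AES round is proportional to the Hamming weight of the S-box output S(p XOR k) plus Gaussian noise. The attacker sees only the plaintexts and the noisy power samples, computes the leakage each of the 256 key-byte hypotheses would predict, and ranks the hypotheses by Pearson correlation with the measurements (the correlation form of DPA). The S-box generator, leakage model, noise level and trace count are all assumptions of this example.

```python
"""Simulated differential power analysis (DPA) against one AES key byte.

Constructed example: the "device" leaks HW(SBOX[p ^ k]) plus Gaussian noise
for each plaintext byte p.  The attacker recovers k from plaintexts and
noisy traces alone by correlating predicted against measured leakage.
"""
import random
from statistics import mean


def build_aes_sbox():
    """Generate the AES S-box: GF(2^8) multiplicative inverse, then affine map.

    p and q walk the field as generator powers with p * q == 1 throughout.
    """
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF                                              # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)     # q XOR 4 rotations
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF                 # fold wrap bits in
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; affine(0) = 0x63
    return sbox


SBOX = build_aes_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, noise_sd, seed=1):
    """Constructed leakage: one power sample per encryption, HW(S(p^k)) + noise."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0, noise_sd)
              for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def recover_key_byte(plaintexts, traces):
    """Rank all 256 key hypotheses by |correlation| with the measured traces.

    Returns (best_guess, ranked list of (score, key)).  Only plaintexts and
    traces are used; the true key is never consulted.
    """
    scores = []
    for k in range(256):
        predicted = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        scores.append((abs(pearson(predicted, traces)), k))
    scores.sort(reverse=True)
    return scores[0][1], scores


def demo(key_byte=0x2B, n_traces=2000, noise_sd=1.5):
    """Attack a constructed device with a known key so the result can be checked."""
    pts, trs = simulate_traces(key_byte, n_traces, noise_sd)
    guess, ranked = recover_key_byte(pts, trs)
    return guess, ranked[:3]


if __name__ == "__main__":
    guess, top3 = demo()
    print("recovered key byte: 0x%02X" % guess)
    for score, k in top3:
        print("  key 0x%02X  |corr| = %.3f" % (k, score))
```

The nonlinear S-box is what makes the attack decisive: a wrong key hypothesis predicts leakage that is nearly uncorrelated with the true values, so the correct byte separates clearly from the other 255 once enough traces average out the noise. Raising `noise_sd` or lowering `n_traces` narrows that gap, which is why hardware countermeasures against DPA aim to reduce the data-dependent signal or bury it in noise rather than to hide the operation itself.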
Once a hacker has extracted sensitive information from a device, the hacker may use the sensitive information for various nefarious purposes. For example, the hacker may obtain pay-per-view or video-on-demand services using another user's account; the hacker may access telecommunication services that are billed to another user; the hacker may steal another user's bank account funds; the hacker may steal another's identity; etc.